US government user data requests continue to rise, says Google

Posted January 24, 2013 - 08:25
by
Emma Woollacott

The US once again heads Google's list of governments that request its user data - and nearly 70 percent of requests came without a warrant.

Instead, they came through subpoenas under the 1986 Electronic Communications Privacy Act (ECPA), an already-unpopular law which was created long before the technologies it's now used to regulate. The act allows access to data that's more than 180 days old without a warrant.

According to Google, 22 percent of requests came through ECPA search warrants, generally as orders issued by judges based on a demonstration of probable cause. The remaining 10 percent were mostly court orders issued under ECPA by judges or other processes.

"EFF has long criticized ECPA for not providing email with the same warrant protection as the Fourth Amendment gives to physical letters and phone calls. The Justice Department believes that it doesn’t need a warrant for emails over 180 days," says the Electronic Frontier Foundation's Trevor Timm.

"Google’s lawyers, to their credit, have criticized the law as well, saying just this week, 'our view is that [ECPA] is out of compliance with the Fourth Amendment because the government can call for the production of your data without a search warrant'."

In total, from July through December of last year, US law enforcement made nearly 8,500 requests for user data, relating to nearly 15,000 people. This means the country accounts for about 40 percent of requests worldwide. And the number's increasing, with around 33 percent more requests during 2012 than in 2011.

Google acceded to 88 percent of requests, but turned down 12 percent.

"Twelve percent is a scary number because it means Google believes the requests are illegal," points out Chris Calabrese, legislative counsel for the ACLU.

"This begs the question as to how many companies have the courage to deny the government’s request for user data or have a strong enough compliance department to even distinguish between a lawful and an unlawful request for user data."